cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
JerryYeh
Level 3

Virus detection in installing the installation built by InstallShield 2019 Professional

We update our InstallShield projects to InstallShield 2019 Professional.

As we implement the installation built by InstallShield 2019 Professional, in installing procedure, some antivirus software will detect the Trojan threat then blocked or deleted infected files.

Finally, when we try to uninstall the application, we failed to uninstall the application.

By the way, antivirus softwares detect nothing  when we implement the installation built by the former version of InstallShield, and the uninstallation successes.

Do you have any solutions to fix the issue?

Thanks

Labels (1)
0 Kudos
23 Replies
banna_k
Revenera
Revenera

Hi @JerryYeh,  

Nothing to worry about this, basically anti virus software has its own virus definition and algorithm to identify the threats to the system, and these virus definitions /rules are updated almost daily to cope with the latest threats to the system. Usually, anti virus software continuously monitor the system changes and block the suspicious executable if it is not authorized to do those system changes according to the their definitions. Some of the system changes monitored by anti virus software are copying and creating files, spawning new process, network communication, changing system policies, accessing the system registry, downloading files, etc. Installer software does all of these during the course of installation. So, only way to get rid of this to make it authorize or update the respective antivirus software definitions through their reporting channel. 

  • Ensure to sign the Setup installer and its pay loads to prove the identity where it is coming from, and ensure to renew the certificate in every year. 
  • Report the false-positive detection to the respective anti virus Software company, through their reporting channel. While reporting, start with the with widely used anti virus Software companies. Because, mostly others will follow the leaders in this market.
0 Kudos

Hi

Thanks for your quickly reply.

I always sign the installation with effective digital signature and make sure all the files package by    InstallShield  through the detection  of antivirus software.

And the suggestion item 2 of reply, reporting to wide used antivirus companies is not the solution for the long-term, even if it is the solution,  it should be Flexera reporting to antivirus software to get authorized of InstallShield , right?

In addition, why the setup.exe built by the previous version of InstallShield products won't be detected to  the malware, it seems only happen in InstallShield 2019 series

Hope Flexera InstallShield will fix the malware problem.

Thanks again

0 Kudos

Hello, is there any response/resolution from Flexera on this issue? have you resolved this issue?
0 Kudos

Hi, @KiranSreeram 

Flexera seem has a updated version of Instllshield 2019 R3 at the end of 2019 before that they have a hotfix updated at the third or fourth season.

After these updated, the issue was resolved.

The  hotfix of Instllshield seem to fix some certification problems, I didon't record the detail of the hotfix.

Hope the reply help you.

 

 

 

0 Kudos

Hi Jerry,
Thanks for your response and guidance.
Installed the hot fix : did not resolve the virus scan detection issue.
Upgraded to IS2019 R3 : Resolved the issue


Thanks
Kiran kumar sreeram
0 Kudos

@KiranSreeram @banna_k 

Seems the hotfix doesn't fix the malware issue, the malware problem come one after another.

We use the InstallShield 2019 to create the empty project then build the installation.

Upload the installation to virustotal website, the file of installation will be detected to malware or trojan.

If you install the installation to PC, some generation files of InstallShield will be detected to trojan effected by Windows Defender. Attachments for your reference.

This problem has caused us a lot of distress.

Hope @flexera  will pay attention to this problem and solve it as soon as possible.

Thanks

 

0 Kudos

We found the file that be created by InstallShield 2019 in C:\Program Files (x86)\InstallShield Installation Information\[GUID]\setup.exe will be detected a dangerous Trojan by Windows Defender.

0 Kudos

We are having the same problem as JerryYeh .

This issues was resolved in 2018 R2.

It appears that patch did not make it into 2019 R3.

We did not load 2019 R1 or 2019 R2.

 

Jeff

0 Kudos

Hi All,

 

I have been using Installshield 1019 R3 premier. I faced the same issue where my installer gets deleted automatically by anti-virus.

however once I signed the setup.exe it's all fixed, 

 

but sometimes some antivirus still detects it as virus and I have to manually tell the antivirus to exempt it

0 Kudos

Hi all

I try to sign DigitalSignature for every file in an InstallShield 2019 empty installation file, but it still be detected the Trojan warning in virustotal.com.

Some antivirus engines don't update any longer, but they still report the warning messages.

Our customers can't understand why our software product can be detected Trojan warning......

 

I have an older version InstallShield, the installatin file build by older version will not have any Trojan warning.

 

0 Kudos
JoseAguilar
Level 2

I'm also having this issue with TRAPS on Installshield 2019 r3

0 Kudos

we have isolated the bug to 2019 R2 and R3. If you load 2019 R1 it works fine. the fix did not make it to R2 and R3

 

thanks

0 Kudos

Do you know how to go about reverting versions on the project file? Since I opened my project with 2019 r3, I cannot open it with 2019 r1.

0 Kudos

I ran virustotal and malwarebytes on three installers we built with InstallShield 2019 R2.

virustotal detected suspicious items.

malwarebytes did not detect any suspicious items.

0 Kudos

if you are using msi basic project you can open the file in ORCA, goto property, change schema value(decrease). save the file and then try to open it in lesser version of installshield
0 Kudos

What is ORCA?

0 Kudos

Orca is a free tool from Microsoft for viewing the tables, summary info., etc. of an msi file. https://docs.microsoft.com/en-us/windows/win32/msi/orca-exe
0 Kudos

Orca didn't do much help for me as I'm working out of Visual Studio; I don't have access to the .msi file.

I opened .ism file in Notepad and came across this setting:

<row><td>SchemaVersion</td><td>779</td></row>

After upgrading to InstallShield 2019 R2 this value changed to 782, I reverted back to 779 and was able to reopen my .ism file in both Visual Studio and in standalone InstallShield 2018 R2.

Looks like this does what I need.

Hopefully someone official from InstallShield can chime in and mention if there are any side effects to this.

0 Kudos

@JoseAguilar ,

When you opened the project file in IS 2019 R3 first time, it would have created a backup project file in the local location which is compatible with your last version. backup file name will be like   [Your Project File Name].ism.XXX.

You can rename this file by removing the last three digit from the file name, and it can be opened in the previous version without any issues. 

More information can be found at the below link: https://helpnet.flexerasoftware.com/installshield25helplib/rn/ReleaseNotes.htm#isreleasenotes_2630790174_1047097

0 Kudos

@banna_k,

I also noticed .ism.779 could be restored and this worked for a product that had only been released once on InstallShield 2019 R2, but I still had to apply the hot-fix on a product that had been released multiple times on this version.

After uninstalling InstallShield 2019 R2, resetting the schema version manually allowed me to reload the setup project at a specific build state and rebuild with InstallShield 2018 R2.

0 Kudos